Problem
I'm unable to authenticate against the https://accounts.cloud.databricks.com endpoint even though I'm an account admin. I need it to assign account level groups to workspaces via the workspace assignment api (https://api-docs.databricks.com/rest/latest/permission-assignment-account-api.html) which is recommended by Databricks.
Our Databricks instance is deployed to AWS.
What's been tried
- Create PAT token
- Test that I can authenticate against workspace endpoints
- Test workspace assignment endpoint with unauthorised error
- Calling Groups account endpoint with unauthorised error
Code
def list_account_groups():
"""Note: Requires Account admin PAT token to list all account groups"""
api_version = '/api/2.0'
api_command = "/scim/v2/Groups"
url = f"https://accounts.cloud.databricks.com{api_version}/accounts/{ACCOUNT_ID}{api_command}"
header = {
"accept": "application/scim+json",
"Authorization": f"Bearer {DATABRICKS_TOKEN}"
}
response = requests.get(url, headers=header)
print(response.status_code)
print(json.dumps(json.loads(response.text), indent = 2))
Response:
401
{
"message": "Cannot complete request; user is unauthenticated"
}